How to combine Azure AD SSO with AWS programmatic access?

Since we use Azure AD (Office 365 / LDAP) for the company's user management and AWS for our hosting, we already enabled federation between these cloud providers. This works perfectly: a user assumes an IAM role through their Azure AD credentials and gets console access through single sign-on.

However, to use the AWS CLI a user needs programmatic access, i.e. an access key and a secret key. Luckily for us there is an excellent open-source project for that called aws-azure-login, and since it is published on npm it is very easy to run on Mac, Linux and Windows.

What do we need?

Install the package as mentioned: npm install -g aws-azure-login (or not globally, if you prefer).

Since we configured MFA on Azure AD, besides the password there is also the verification code to provide. When the login succeeds, aws-azure-login generates a profile in the AWS credentials file which holds the access key and secret key. So let's check.
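A small check of the credentials file, as an added example that is not part of the original post nor of the aws-azure-login project. It assumes aws-azure-login writes `aws_access_key_id`, `aws_secret_access_key`, `aws_session_token` and an ISO-8601 `aws_expiration` into the chosen profile, and that the profile is named `azure`; the file contents below are constructed, not real keys.

```python
"""Inspect an AWS credentials file for the profile aws-azure-login wrote."""
import configparser
from datetime import datetime, timezone

# Constructed sample of ~/.aws/credentials after one aws-azure-login run.
# Assumption: the key names match what aws-azure-login writes (see lead-in).
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = AKIAEXAMPLELONGLIVED
aws_secret_access_key = EXAMPLESECRET0000000000000000000000000000

[azure]
aws_access_key_id = ASIAEXAMPLETEMPORARY
aws_secret_access_key = EXAMPLESECRET1111111111111111111111111111
aws_session_token = EXAMPLESESSIONTOKEN
aws_expiration = 2024-01-01T12:00:00.000Z
"""

REQUIRED = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")


def parse_iso(text):
    """Parse an ISO-8601 timestamp; a trailing 'Z' is treated as UTC."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def load_profiles(text):
    """Parse credentials-file text (INI format) into {profile: {key: value}}."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def check_profile(profiles, name, now_iso=None):
    """Describe whether `name` holds complete, temporary, unexpired credentials."""
    now = parse_iso(now_iso) if now_iso else datetime.now(timezone.utc)
    result = {"exists": name in profiles, "temporary": False,
              "expired": None, "missing": []}
    if not result["exists"]:
        return result
    prof = profiles[name]
    result["missing"] = [k for k in REQUIRED if k not in prof]
    # STS-issued (temporary) keys start with ASIA and come with a session token;
    # long-lived IAM user keys start with AKIA and should not be what SSO produced.
    key_id = prof.get("aws_access_key_id", "")
    result["temporary"] = key_id.startswith("ASIA") and "aws_session_token" in prof
    if "aws_expiration" in prof:
        result["expired"] = now >= parse_iso(prof["aws_expiration"])
    return result


if __name__ == "__main__":
    print(check_profile(load_profiles(SAMPLE_CREDENTIALS), "azure"))
```

Point `load_profiles` at the real file contents (`open(os.path.expanduser("~/.aws/credentials")).read()`) to check your own profile; an `expired` result of `True` simply means it is time to run aws-azure-login again.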